Mask SIG{INT,QUIT} during pam_authenticate call (#1322)

Author: squell

src/pam/converse.rs

@@ -1,7 +1,10 @@
 use std::io;
 
 use crate::cutils::string_from_ptr;
-use crate::system::time::Duration;
+use crate::system::{
+    signal::{self, SignalSet},
+    time::Duration,
+};
 
 use super::sys::*;
 
@@ -65,16 +68,10 @@ fn handle_message<C: Converser>(
     use PamMessageStyle::*;
 
     match style {
-        PromptEchoOn => {
-            if app_data.no_interact {
-                return Err(PamError::InteractionRequired);
-            }
-            app_data.converser.handle_normal_prompt(msg).map(Some)
-        }
+        PromptEchoOn | PromptEchoOff if app_data.no_interact => Err(PamError::InteractionRequired),
+
+        PromptEchoOn => app_data.converser.handle_normal_prompt(msg).map(Some),
         PromptEchoOff => {
-            if app_data.no_interact {
-                return Err(PamError::InteractionRequired);
-            }
             let final_prompt = match app_data.auth_prompt.as_deref() {
                 None => {
                     // Suppress password prompt entirely when -p '' is passed.
@@ -89,6 +86,7 @@ fn handle_message<C: Converser>(
                 .handle_hidden_prompt(&final_prompt)
                 .map(Some)
         }
+
         ErrorMessage => app_data.converser.handle_error(msg).map(|()| None),
         TextInfo => app_data.converser.handle_info(msg).map(|()| None),
     }
@@ -106,25 +104,50 @@ pub struct CLIConverser {
 
 use rpassword::Terminal;
 
+struct SignalGuard(Option<SignalSet>);
+
+impl SignalGuard {
+    fn unblock_interrupts() -> Self {
+        let cur_signals = SignalSet::empty().and_then(|mut set| {
+            set.add(signal::consts::SIGINT)?;
+            set.add(signal::consts::SIGQUIT)?;
+            set.unblock()
+        });
+
+        Self(cur_signals.ok())
+    }
+}
+
+impl Drop for SignalGuard {
+    fn drop(&mut self) {
+        if let Some(signal) = &self.0 {
+            // Ignore any errors at this point
+            let _ = signal.set_mask();
+        }
+    }
+}
+
 impl CLIConverser {
-    fn open(&self) -> std::io::Result<Terminal<'_>> {
-        if self.use_stdin {
-            Terminal::open_stdie()
+    fn open(&self) -> std::io::Result<(Terminal<'_>, SignalGuard)> {
+        let term = if self.use_stdin {
+            Terminal::open_stdie()?
         } else {
-            Terminal::open_tty()
-        }
+            Terminal::open_tty()?
+        };
+
+        Ok((term, SignalGuard::unblock_interrupts()))
     }
 }
 
 impl Converser for CLIConverser {
     fn handle_normal_prompt(&self, msg: &str) -> PamResult<PamBuffer> {
-        let mut tty = self.open()?;
+        let (mut tty, _guard) = self.open()?;
         tty.prompt(&format!("[{}: input needed] {msg} ", self.name))?;
         Ok(tty.read_cleartext()?)
     }
 
     fn handle_hidden_prompt(&self, msg: &str) -> PamResult<PamBuffer> {
-        let mut tty = self.open()?;
+        let (mut tty, _guard) = self.open()?;
         if self.bell && !self.use_stdin {
             tty.bell()?;
         }
@@ -144,12 +167,12 @@ impl Converser for CLIConverser {
     }
 
     fn handle_error(&self, msg: &str) -> PamResult<()> {
-        let mut tty = self.open()?;
+        let (mut tty, _) = self.open()?;
         Ok(tty.prompt(&format!("[{} error] {msg}\n", self.name))?)
     }
 
     fn handle_info(&self, msg: &str) -> PamResult<()> {
-        let mut tty = self.open()?;
+        let (mut tty, _) = self.open()?;
         Ok(tty.prompt(&format!("[{}] {msg}\n", self.name))?)
     }
 }

src/pam/mod.rs

@@ -6,7 +6,10 @@ use std::{
     ptr::NonNull,
 };
 
-use crate::system::time::Duration;
+use crate::system::{
+    signal::{self, SignalSet},
+    time::Duration,
+};
 
 use converse::ConverserData;
 use error::pam_err;
@@ -153,9 +156,21 @@ impl PamContext {
         flags |= self.silent_flag();
         flags |= self.disallow_null_auth_token_flag();
 
+        // Temporarily mask SIGINT and SIGQUIT.
+        let cur_signals = SignalSet::empty().and_then(|mut set| {
+            set.add(signal::consts::SIGINT)?;
+            set.add(signal::consts::SIGQUIT)?;
+            set.block()
+        });
+
         // SAFETY: `self.pamh` contains a correct handle (obtained from `pam_start`)
         let auth_res = pam_err(unsafe { pam_authenticate(self.pamh, flags) });
 
+        // Restore signals
+        if let Ok(set) = cur_signals {
+            set.set_mask().map_err(PamError::IoError)?;
+        }
+
         if self.has_panicked() {
             panic!("Panic during pam authentication");
         }

src/system/signal/set.rs

@@ -79,6 +79,14 @@ impl SignalSet {
         Ok(unsafe { set.assume_init() })
     }
 
+    /// Add a signal to this set
+    pub(crate) fn add(&mut self, sig: SignalNumber) -> io::Result<()> {
+        // SAFETY: we pass a valid mutable pointer to `sigaddset`
+        cerr(unsafe { libc::sigaddset(&mut self.raw, sig) })?;
+
+        Ok(())
+    }
+
     fn sigprocmask(&self, how: libc::c_int) -> io::Result<Self> {
         let mut original_set = MaybeUninit::<Self>::zeroed();
 
@@ -97,6 +105,14 @@ impl SignalSet {
         self.sigprocmask(libc::SIG_BLOCK)
     }
 
+    /// Unblock all the signals in this set and return the previous set of blocked signals.
+    ///
+    /// After calling this function successfully, the set of blocked signals will be the previous
+    /// set of blocked signals without this set.
+    pub(crate) fn unblock(&self) -> io::Result<Self> {
+        self.sigprocmask(libc::SIG_UNBLOCK)
+    }
+
     /// Block only the signals that are in this set and return the previous set of blocked signals.
     ///
     /// After calling this function successfully, the set of blocked signals will be the exactly